DEV Community

Weather Clock Dash

Privacy by Design: What Data My Firefox Extension Sends (and What It Doesn't)

When I built the Weather & Clock Dashboard extension for Firefox, I made a non-obvious decision early on: no analytics, no error tracking, no third-party anything except the weather API call.

Here's what that actually means in practice.

What data leaves the browser?

Exactly one thing: your weather location.

When you open a new tab, the extension makes a single HTTPS request to Open-Meteo:

GET https://api.open-meteo.com/v1/forecast?latitude=40.71&longitude=-74.01&current_weather=true...

That's it. Your coordinates (obtained from navigator.geolocation) go to Open-Meteo's servers to fetch weather data. No user ID. No session token. No cookies.

Open-Meteo is an open-source project that doesn't log IP addresses beyond standard server logs. Their privacy policy is one page long.

What stays local?

Everything else:

  • Theme preference (dark/light): localStorage
  • Clock timezones: browser.storage.local
  • Last known coordinates: browser.storage.local
  • Search engine preference: browser.storage.local

None of this data is transmitted anywhere. It's stored using browser APIs and stays on your device.

The no-framework advantage

Because the extension is pure HTML/CSS/JS with no build step, there are no transitive dependencies that could be compromised.

Compare this to an npm-based extension:

my-extension
├── webpack 5.88.0
│   ├── webpack-sources 3.2.3
│   ├── enhanced-resolve 5.15.0
│   │   └── graceful-fs 4.2.11
...
(200+ more packages)

Every package in that tree is a potential supply chain attack vector. I don't have that problem because my package.json doesn't exist.

What permissions does the extension request?

Just two, in manifest.json:

{
  "permissions": ["storage", "geolocation"]
}
  • storage — to save your preferences locally
  • geolocation — to get weather for your location (you see a browser permission prompt the first time)

No activeTab. No tabs. No history. No cookies. No webRequest.

Mozilla's AMO review process also validates this — the extension can't silently request permissions beyond what's declared.

Why this matters for new tab extensions

Your new tab page is a privileged context. It opens every time you start browsing. It sees your screen constantly.

A malicious new tab extension could:

  • Log every time you open a new tab (timestamps reveal browsing habits)
  • Track your search queries via a modified search bar
  • Load third-party ad networks that fingerprint your browser
  • Silently exfiltrate your browsing patterns

I designed this extension to not be able to do any of those things, by construction.

Open source as accountability

The extension is MIT-licensed on Mozilla Add-ons. The source is the newtab.html file that ships in the extension XPI — you can inspect it with unzip extension.xpi and read every line.

There's no minified bundle hiding telemetry. What you see is what runs.
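
The claims in this post can be checked statically against the unpacked XPI. The following is an added example, not part of the original post or the extension's own code: it compares the permissions in manifest.json and the hosts named in shipped files against the policy described here. The function names `audit_xpi` and `build_sample_xpi` and both sample archives are constructed for illustration.

```python
import io
import json
import re
import zipfile

# Policy assumed from the post's claims; adjust for the extension you audit.
ALLOWED_PERMISSIONS = {"storage", "geolocation"}
ALLOWED_HOSTS = {"api.open-meteo.com"}
URL_HOST = re.compile(r"\b(?:https?|wss?)://([A-Za-z0-9.-]+)")
TEXT_SUFFIXES = (".html", ".js", ".css", ".json")

def audit_xpi(xpi_bytes):
    """Static check: permissions beyond policy, and hosts named in shipped files."""
    extra, hosts = set(), {}
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:
        manifest = json.loads(xpi.read("manifest.json"))
        for key in ("permissions", "optional_permissions", "host_permissions"):
            extra.update(p for p in manifest.get(key, []) if p not in ALLOWED_PERMISSIONS)
        for name in xpi.namelist():
            if not name.lower().endswith(TEXT_SUFFIXES):
                continue
            text = xpi.read(name).decode("utf-8", errors="replace")
            for host in URL_HOST.findall(text):
                host = host.lower().rstrip(".")
                if host not in ALLOWED_HOSTS:
                    hosts.setdefault(host, set()).add(name)
    return {"extra_permissions": sorted(extra),
            "unexpected_hosts": {h: sorted(f) for h, f in sorted(hosts.items())}}

def build_sample_xpi(permissions, files):
    """Constructed in-memory XPI (an XPI is a ZIP archive) used as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps(
            {"manifest_version": 2, "name": "sample", "version": "1.0",
             "permissions": permissions}))
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples: one matching the post's description, one that does not.
CLEAN = build_sample_xpi(["storage", "geolocation"], {
    "newtab.html": '<script>fetch("https://api.open-meteo.com/v1/forecast")</script>'})
NOISY = build_sample_xpi(["storage", "geolocation", "tabs", "webRequest"], {
    "newtab.html": '<script src="https://cdn.tracker.example/t.js"></script>',
    "bg.js": 'fetch("https://api.open-meteo.com/v1/forecast")'})

if __name__ == "__main__":
    print(audit_xpi(CLEAN), audit_xpi(NOISY), sep="\n")
```

This only finds hosts written out as literal URLs, so a hostname assembled at runtime will not appear. Namespace URIs and links in comments are also reported and need a manual look.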


If you've been looking for a new tab extension that isn't secretly a data collection operation, give it a try.

Follow @weatherclockdash on Mastodon for updates.
